Date: Wed, 1 Nov 2000 09:58:08 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/kern kern_jail.c sysv_msg.c sysv_sem.c sysv_shm.c src/sys/sys jail.h Message-ID: <200011011758.JAA28087@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2000/11/01 09:58:08 PST
Modified files: (Branch: RELENG_4)
sys/kern kern_jail.c sysv_msg.c sysv_sem.c
sysv_shm.c
sys/sys jail.h
Log:
o MFC of System V IPC disabling in jail():
1.8 +6 -1 src/sys/kern/kern_jail.c
1.26 +17 -1 src/sys/kern/sysv_msg.c
1.29 +14 -1 src/sys/kern/sysv_sem.c
1.49 +20 -1 src/sys/kern/sysv_shm.c
1.10 +2 -1 src/sys/sys/jail.h
Log:
o Deny access to System V IPC from within jail by default, as in the
current implementation, jail neither virtualizes the Sys V IPC namespace,
nor provides inter-jail protections on IPC objects.
o Support for System V IPC can be enabled by setting jail.sysvipc_allowed=1
using sysctl.
o This is not the "real fix" which involves virtualizing the System V
IPC namespace, but prevents processes within jail from influencing those
outside of jail when not approved by the administrator.
Reported by: Paulo Fragoso <paulo@nlink.com.br>
Revision Changes Path
1.6.2.2 +6 -1 src/sys/kern/kern_jail.c
1.23.2.3 +17 -1 src/sys/kern/sysv_msg.c
1.24.2.4 +14 -1 src/sys/kern/sysv_sem.c
1.45.2.3 +20 -1 src/sys/kern/sysv_shm.c
1.8.2.2 +2 -1 src/sys/sys/jail.h
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200011011758.JAA28087>